CHA General Data Protection Policy

Data Protection law in the UK will undergo some significant changes with the introduction of the General Data Protection Regulations [GDPR] which come into force on 25th May 2018.

The Crouch Harbour Authority’s [CHA] remit necessitates the collection and use of certain types of information about persons with whom it transacts and deals in carrying out its statutory and additional responsibilities. These include past and prospective employees, suppliers, stakeholders, trustees and River Crouch and Roach harbour plaque holders as well as others with whom it needs to communicate.

In addition, it may occasionally be required by law to collect and use certain types of information of this kind to comply with the requirements of government departments for business data.

The CHA identifies and recognises that this personal information must be dealt with appropriately, accurately and correctly however it is collected, recorded and used, be that on paper, in a computer or recorded by any other method.

We will always comply with GDPR when dealing with your personal data, The CHA respects the lawful and correct treatment of personal information is of the upmost importance and shall only hold such information as is sufficient, relevant and not excessive in relation to the purposes for which it is processed. Such information shall also be kept up to date and not held for longer than is necessary.

What information we collect from CHA Harbour Plaque Holders and for what purpose.

Bank and Payment Details

shredded using [cross shredding equipment, certificated to Payment Card Industry Data Security Standard] if details taken down by hand

or via automatic deletion process on completion of computerised payment

In addition the CHA will ensure that:

We will not transfer your data outside the EU without your consent.

We have implemented general acceptable standard of technology and operational security in order to protect personal data from loss, misuse or unauthorised alteration or destruction.

For any payment which we take from you online we will use a recognised online secure payment system.

We will notify you immediately in the event of any breach of your personal data which may expose you to risk.

We will ensure there is someone specifically responsible for data protection within the organisation and that queries about the handling of personal information are promptly and courteously dealt with.

We will ensure that everyone handling personal information understands that they are contractually responsible for following good data protection practice.

A regular audit and review will be made of the way the CHA manages personal information.

Your Rights

You have rights under GDPR:

To access your personal data

To be provided with information about how your personal data is processed

To have your personal data corrected

To have your personal data erased in certain circumstances

To restrict or object to how your personal data is processed

To make complaint about how we process your personal data to the Information Commissioner